Publication


Featured research published by Moussa Ouedraogo.


Computers & Security | 2013

Selecting a Cloud Service Provider in the age of cybercrime

Moussa Ouedraogo; Haralambos Mouratidis

The benefits of resorting to the cloud, as an efficient way to provide services, have long been recognised in the academic and industrial literature. However, as more and more companies are beginning to embrace the trend, it has also become clearer that the model offers unprecedented opportunities to cybercriminals: either by enabling them to compromise a myriad of services in a single shot or by allowing cybercriminals to amplify their capabilities through a leverage of the technology offered by the cloud. This paper highlights the importance of an informed choice of a Cloud Service Provider (CSP) in minimising one's exposure to the insecurity of a cloud context. The paper proposes a well-defined approach, known as the Complete-Auditable-Reportable or C.A.RE, as a way to minimise one's exposure to the insecurity we live with in the cloud. The C.A.RE approach helps to determine the adequacy of a CSP-sponsored security by assessing its completeness in addressing most, if not all, risks that a service may be exposed to; the potential of that security to be adapted upon the identification of a security vulnerability during an audit; and how transparently such information is shared with the concerned Cloud Service Consumer (CSC). A level of assurance is associated with each of the C.A.RE parameters in order to help determine the overall trustworthiness of a CSP. The analysis and comparison of the C.A.RE approach to a well-known guideline such as the Cloud Security Alliance guidelines reveals that C.A.RE offers a clear and efficient way of determining a Trusted Cloud Service.


Software Quality Journal | 2013

Taxonomy of quality metrics for assessing assurance of security correctness

Moussa Ouedraogo; Reijo Savola; Haralambos Mouratidis; David Preston; Djamel Khadraoui; Eric Dubois

Assurance is commonly considered as “something said or done to inspire confidence” (Webster dictionary). However, the level of confidence inspired from a statement or an action depends on the quality of its source. Similarly, the assurance that the deployed security mechanisms exhibit an appropriate posture depends on the quality of the verification process adopted. This paper presents a novel taxonomy of quality metrics pertinent for gaining assurance in a security verification process. Inspired by the systems security engineering capability maturity model and the common criteria, we introduce five ordinal quality levels for a verification process aimed at probing the correctness of runtime security mechanisms. In addition, we analyse the mapping between the quality levels and different capability levels of the following verification metrics families: coverage, rigour, depth and independence of verification. The quality taxonomy is part of a framework for the Security Assurance of operational systems. These metrics can also be used for gaining assurance in other areas such as legal and safety compliance. Furthermore, the resulting metrics taxonomy could, by identifying appropriate quality security requirements, assist manufacturers of information technology (IT) in developing their products or systems. Additionally, the taxonomy could also empower consumers in IT security product selection to efficaciously and effectively match their organisational needs, while IT security evaluators can use it as a reference point when forming judgments about the quality of a security product. We demonstrate the applicability of the proposed taxonomy through access control examples.


Journal of Systems and Software | 2012

Appraisal and reporting of security assurance at operational systems level

Moussa Ouedraogo; Djamel Khadraoui; Haralambos Mouratidis; Eric Dubois

In this paper we discuss the issues relating to the evaluation and reporting of security assurance of runtime systems. We first highlight the shortcomings of current initiatives in analyzing, evaluating and reporting security assurance information. Then, the paper proposes a set of metrics to help capture and foster a better understanding of the security posture of a system. Our security assurance metric and its reporting depend on whether or not the user of the system has a security background. The evaluation of such metrics is described through the use of theoretical criteria, a tool implementation and an application to a case study based on an insurance company network.


Information Security for South Africa | 2010

Towards security effectiveness measurement utilizing risk-based security assurance

Reijo Savola; Heimo Pentikäinen; Moussa Ouedraogo

Systematic and practical approaches to risk-driven operational security evidence help ensure the effectiveness and efficiency of security controls in business-critical applications and services. This paper introduces an enhanced methodology to develop security effectiveness metrics that can be used in connection with correctness assurance of security controls. This methodology is then applied to an example system: a Push E-mail service. The methodology is based on threat and vulnerability analysis, and parallel security requirement and system architecture decomposition.


IEEE International Conference on Cloud Computing Technology and Science | 2015

Security transparency: the next frontier for security research in the cloud

Moussa Ouedraogo; Severine Mignon; Herve Cholez; Steven Furnell; Eric Dubois

The recent advances in networking and the ubiquity of the Internet have enabled the emergence of cloud computing as a viable solution for a convenient, elastic and economical usage of services. In spite of these apparent advantages, the cloud model presents some challenges that hamper its wider adoption, most of which relate to security and privacy. This paper provides a review of the current initiatives devised by both academia and industry for addressing the security concerns inherent to the cloud model. Our analysis of the state of the art reveals that although initiatives such as SLA and virtual machines monitoring, and recent development in encryption mechanisms, have contributed to addressing some of the salient issues of security and privacy in the cloud, larger initiatives, other than standards, aiming at enabling security transparency and a mutual auditability in the cloud remain to be seen. With this in mind, the paper proposes some routes towards related solutions by discussing a number of desiderata for establishing a better security transparency between a Cloud Service Provider (CSP) and a Cloud Service Consumer (CSC). Given the current reluctance of some major businesses to embrace the trend, owing mainly to the devolution of some of the security aspects to a third party, the authors argue that undertaking some initiatives in that direction is a key to sustaining the current momentum of the cloud.


European Conference on Software Architecture | 2010

Towards an abstraction layer for security assurance measurements: (invited paper)

Teemu Kanstrén; Reijo Savola; Antti Evesti; Heimo Pentikäinen; Artur Hecker; Moussa Ouedraogo; Kimmo Hätönen; Perttu Halonen; Christophe Blad; Oscar López; Saioa Ros

Measurement of any complex, operational system is challenging due to the continuous independent evolution of the components. Security risks introduce another dimension of dynamicity, reflected to risk management and security assurance activities. The availability of different measurements and their properties will vary during the overall system lifecycle. To be useful, a measurement framework in this context needs to be able to adapt to both the changes in the target of measurement and in the available measurement infrastructure. In this study, we introduce a taxonomy-based approach for relating the available and attainable measurements to the measurement requirements of security assurance plans by providing an Abstraction Layer that makes it easier to manage these dynamic features. The introduced approach is investigated in terms of a security assurance case example of firewall functionality in a Push E-mail service system.


Secure Software Integration and Reliability Improvement | 2010

An Agent-Based System to Support Assurance of Security Requirements

Moussa Ouedraogo; Haralambos Mouratidis; Djamel Khadraoui; Eric Dubois

Current approaches to evaluating security assurance either focus on the software development stage or at the end product software. However, most often, it is after the deployment or implementation phase that specified security requirements may be violated. This may be due to improper deployment of the security measures, environmental hazards or to the fact that the assumptions under which the security requirements have been specified have become invalid. As such, this paper proposes an approach (supported by a system) which will complement security requirements engineering methodologies by gathering continuous evidence to inform on whether the security requirements elucidated during system development stage have been correctly implemented and as such, they can be relied upon to effectively protect system assets at runtime. We use Secure Tropos methodology to highlight the security assurance case and elicit the features of our security assurance evaluation system. We further depict the security assurance evaluation through an example based on firewalls configurations.


International Conference on Internet Monitoring and Protection | 2009

Security Assurance Metrics and Aggregation Techniques for IT Systems

Moussa Ouedraogo; Haralambos Mouratidis; Djamel Khadraoui; Eric Dubois

Research literature has argued the need for a methodology to measure security assurance levels of a system as vital in order to maintain and improve the overall system security. Building on our close examination of the existing approaches for IT Information assurance, this paper proposes a risk-based security assurance metrics and aggregation techniques to be incorporated in a methodology for the evaluation of IT systems security assurance.


IEEE International Conference on Cloud Computing Technology and Science | 2018

Assurance of Security and Privacy Requirements for Cloud Deployment Models

Shareeful Islam; Moussa Ouedraogo; Christos Kalloniatis; Haralambos Mouratidis; Stephanos Gritzalis

Despite the several benefits of migrating enterprise critical assets to the cloud, there are challenges specifically related to security and privacy. It is important that cloud users understand their security and privacy needs, based on their specific context, and select the cloud model best fit to support these needs. The literature provides works that focus on discussing security and privacy issues for cloud systems, but such works provide neither a detailed methodological approach to elicit security and privacy requirements nor methods to select cloud deployment models based on satisfaction of these requirements by cloud service providers. This work advances the current state of the art in this direction. In particular, we consider requirements engineering concepts to elicit and analyze security and privacy requirements and their associated mechanisms using a conceptual framework and a systematic process. The work introduces assurance as evidence for satisfying the security and privacy requirements in terms of completeness and the reportability of security incidents through audit. This allows prospective cloud users to define their assurance requirements so that appropriate cloud models can be selected for a given context. To demonstrate our work, we present results from a real case study based on the Greek National Gazette.


International Conference on Cloud Computing and Services Science | 2015

Adopting an Agent and Event Driven Approach for Enabling Mutual Auditability and Security Transparency in Cloud based Services

Moussa Ouedraogo; Eric Dubois; Djamel Khadraoui; Sebastien Poggi; Benoit Chenal

We propose an event-driven approach for the automated audit of cloud-based services security. The proposed approach is a solution to two of the intrinsic security issues of cloud-based services, notably the need for security transparency and mutual auditability amongst the stakeholders. We leverage a logic-based event specification language to represent patterns of events whose occurrence can be evidence of a security anomaly or breach, or simply a sign of a nefarious use of the cloud infrastructure by some of its users. The use of dedicated algorithms for the detection of composite events, coalesced with the definition of a primitive event structure based on the XCCDF format, ensures reuse and interoperability with security audit tools based on the Security Content Automation Protocol (SCAP). The implementation and application of the approach on a cloud service dealing with electronic archiving have demonstrated its feasibility and viability.

Collaboration

Top Co-Authors of Moussa Ouedraogo:

David Preston (University of East London)
Reijo Savola (VTT Technical Research Centre of Finland)
Shareeful Islam (University of East London)
Heimo Pentikäinen (VTT Technical Research Centre of Finland)
Simon Tjoa (St. Pölten University of Applied Sciences)